F5© Alert of the Week: iRules using DNS::Questions May Return an Incorrect Value

This is a real-life sample alert from indeni for F5 Load Balancing Methods.

Description:

The DNS::question iRule command may return an incorrect value.

This issue occurs when all of the following conditions are met:
* An iRule for an LTM DNS event runs the DNS::question command, the iRule then runs a command that suspends the iRule, and after the iRule resumes, the DNS::question command is run again.
* While the iRule was suspended, a subsequent DNS query is processed, triggers the iRule event, and runs the DNS::question command for the subsequent query.

When the suspended iRule resumes and runs the DNS::question command, the value is read from the memory location that was written for the initial DNS::question command. However, because a subsequent DNS query was received, the system will have overwritten the memory location with the value of the subsequent query.

Affected iRules:

/Common/Custom_iRule_1202 uses DNS::question

Manual Remediation Steps:

This device is running a vulnerable version but the iRule referred to above needs to be examined closely to check if it is sensitive to the issue. Please read SOL15489.

How does this alert work?

indeni cross-checks the iRules’ actual content and the current software version used on the F5 device with known issues and alerts when a match is found.
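
As an added example (not indeni's check and not F5's code), the Python heuristic below flags an iRule whose DNS event runs DNS::question, then a suspending command, then DNS::question again, which is the sequence described above. The list of suspending commands and both sample iRules are assumptions constructed for illustration.

```python
import re

# Assumption: non-exhaustive set of iRule commands that suspend processing;
# confirm the list against F5 documentation for the running version.
SUSPENDING = ("after", "table", "session", "RESOLV::lookup", "NAME::lookup")
DNS_EVENTS = ("DNS_REQUEST", "DNS_RESPONSE")
TOKEN = re.compile(r"(?<![\w:$])(DNS::question|"
                   + "|".join(map(re.escape, SUSPENDING)) + r")(?![\w:])")

# Constructed sample iRules (not taken from the alerted device).
SENSITIVE = """when DNS_REQUEST {
    set name [DNS::question name]
    after 50
    log local0. "late: [DNS::question name]"
}"""
HARDENED = """when DNS_REQUEST {
    set name [DNS::question name]
    after 50
    log local0. "late: $name"
}"""

def event_bodies(src):
    """Yield (event, body) for each 'when EVENT { ... }' block via brace matching."""
    for m in re.finditer(r"\bwhen\s+(\w+)[^{]*\{", src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def sensitive_events(irule):
    """List DNS events that run DNS::question, then a suspending command,
    then DNS::question again (textual order; a heuristic for manual review)."""
    src = "\n".join(l for l in irule.splitlines() if not l.lstrip().startswith("#"))
    hits = []
    for event, body in event_bodies(src):
        if event not in DNS_EVENTS:
            continue
        state = 0  # 0 = start, 1 = saw DNS::question, 2 = then a suspending command
        for tok in TOKEN.findall(body):
            if tok == "DNS::question":
                if state == 2:
                    hits.append(event)
                    break
                state = 1
            elif state == 1:
                state = 2
    return hits

if __name__ == "__main__":
    print(sensitive_events(SENSITIVE), sensitive_events(HARDENED))
```

The second sample reads the variable saved before the suspension instead of calling DNS::question again, so it does not meet the conditions listed in the description.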
